HIPAA

The value and vulnerability of PHI has been repeatedly demonstrated by criminal attempts to obtain it for fraudulent purposes. Every organization that handles this type of data must be prepared to defend it.

If mediation or arbitration requires disclosure of or questioning about PHI to the neutral mediator or arbitrator, is the neutral covered by the HIPAA PHI restrictions, and if so, should the neutral be considered a business associate?

espite the considerable gains that have been made in healthcare security and privacy practices, some security analysts regard the healthcare industry as a whole as woefully unprepared for a focused cyberattack and believe that a massive healthcare data breach is inevitable